Appendix D - FortiGuard Updates
For deployments that have Internet connections, FortiNDR relies on the Internet to get updates via the FortiGuard Distribution Network. When FortiNDR cannot reach the Internet, you have the following options:
Malware artificial neural network (ANN) updates: You can update the ANN manually. These updates (several GB in size) can be obtained from the support website (https://support.fortinet.com) with a registered support contract. The latest ANN version can be viewed at: https://www.fortiguard.com/services/fortindr
Other detection techniques:
The following table summarises whether each detection technique works online or offline (no Internet access). All of the detection techniques below can be updated via the FortiGuard Distribution Network (Internet).
| Detection Techniques | Requires Internet | Comments |
|---|---|---|
| Malware via ANN | No | Can be updated manually via GUI. |
| AV engine | Yes | Shipped by default. Will not update if there's no Internet. |
| Botnet detection | Yes | Has DB by default. Updates require the Internet. |
| Network Attacks / Application control | Yes | Has DB by default. Updates require the Internet. |
| Encrypted attacks (via JA3) | Yes | Has DB by default. Updates require the Internet. |
| Weak cipher/vulnerable protocol detection | Yes | Has DB by default. Updates require the Internet. |
| Device inventory | Yes | Looks up IoT services to determine device role/type/OS. |
| FortiGuard IOC | Yes | Cloud lookup to FortiGuard servers. Internet connection required. |
| ML Discovery | No | Local ML algorithm updates via firmware. |
| Geo DB | Yes | Has DB by default. Updates require the Internet. |